Skip to Main content Skip to Navigation
Conference papers

What if Adversarial Samples were Digital Images?

Abstract : Although adversarial sampling is a trendy topic in computer vision , very few works consider the integral constraint: The result of the attack is a digital image whose pixel values are integers. This is not an issue at first sight since applying a rounding after forging an adversarial sample trivially does the job. Yet, this paper shows theoretically and experimentally that this operation has a big impact. The adversarial perturbations are fragile signals whose quantization destroys its ability to delude an image classifier. This paper presents a new quantization mechanism which preserves the adversariality of the perturbation. Its application outcomes to a new look at the lessons learnt in adversarial sampling.
Complete list of metadatas

Cited literature [17 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-02553006
Contributor : Patrick Bas <>
Submitted on : Wednesday, May 13, 2020 - 12:28:05 PM
Last modification on : Friday, May 15, 2020 - 2:13:04 AM

File

main_finalWOcopy.pdf
Files produced by the author(s)

Identifiers

Citation

Benoît Bonnet, Teddy Furon, Patrick Bas. What if Adversarial Samples were Digital Images?. IH&MMSEC 2020 - 8th ACM Workshop on Information Hiding and Multimedia Security, Jun 2020, Denver, France. pp.1-11, ⟨10.1145/3369412.3395062⟩. ⟨hal-02553006v2⟩

Share

Metrics

Record views

42

Files downloads

57